EDIT: Just thanking everyone for the thoughtful responses. Really enjoyed reading everyone’s takes here and will definitely think on things moving forward and try various configurations out!
Hi all, interested in your thoughts here. Recently signed up for Proton Unlimited via Black Friday sale mainly for email/VPN/drive. For passwords I’ve been happy with Bitwarden and DDG for email forwarding (plus you get a duck.com address which is just fun).
If you were me would you move over to ProtonPass to streamline, or keep these things broken up? On one hand I don’t want all my eggs in one basket, on the other hand I feel like it means I am trusting my info to one Swiss-based org vs Proton + DDG/Bitwarden which are US based. Plus if I am paying for a service I feel a little less like the product in the long term.
Feel pretty ok with both options as my main objective is de-Googling, but interested to hear what has worked well for others. Appreciate any input!
No. Proton’s sketchy business aside, I wouldn’t put everything into one basket. Bitwarden also supports a few email aliasing services natively using an API token.
I’m using Proton Pass aliases and they work like a charm. With the browser plugin, it’s easily feasible to generate one for every single thing you sign up for. I would argue that there are some advantages over DDG (although I haven’t used their service in for quite a while):
- Proton applies E2EE to incoming mails
- If the mails go to your Proton account anyway, removing DDG means removing a proxy that could read your mails or be an attack vector to do so
- Afaik you can secure your proton account way beyond what DDG offers (password + 2FA + Sentinel + extra password for Mail + extra password for Pass) if you want to
- Convenience: You can manage everything in Pass and it tells you right away what you created an alias for, allows to create accounts from it etc.
Is it a total game changer? Probably not.
I’m a fan of separating services when possible.
And emails are a huge pain to change, so it might be worth considering an email service with your own domain name.
Proton with a domain you control and use their Simplelogin which you can self host down the line should there be a rug-pull event. I think you need to manually export this so make it a habit as you add them!
You can put your eggs in one basket, just make sure you have a plan B if the basket catches on fire, using their domain in my eyes you’re going down with the ship, if you control it you’re just repointing records to a new host and getting simplelogin going.
This is part of the reason I like to keep ALL of my emails on disk still as well, if you can’t decrypt your mailbox for some reason they’re about as good as gone.
A custom domain is $12/yr, and SimpleLogin lets you do automatic regex emails, so I can just make a quick website.spam@customdomain.com email for each website. Would recommend.